Bug#: 203085
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>

Bug 203085 depends on: 172206

Description:   Opened: 2007-12-22 21:34 0000
CVE-2007-6465 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6465):
  Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia
  before 3.0.6 allow remote attackers to inject arbitrary web script or HTML
  via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G,
  (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b)
  web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17)
  cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and
  (26) gs parameters to (c) web/get_context.php.  NOTE: some of these details
  are obtained from third party information.

------- Comment #1 From Robert Buchholz 2007-12-22 21:36:54 0000 -------
HP-Cluster herd, please advise.

Bug 172206 contains updated ebuilds.

------- Comment #2 From Robert Buchholz 2008-01-05 00:18:56 0000 -------
ping.

------- Comment #3 From Justin Bronder 2008-01-05 01:36:34 0000 -------
ganglia-3.0.6 added to cvs.

------- Comment #4 From Robert Buchholz 2008-01-05 02:14:10 0000 -------
Thanks a lot.

Arches, please test and mark stable sys-cluster/ganglia-3.0.6.
Target keywords : "x86"

------- Comment #5 From Markus Meier 2008-01-05 11:34:48 0000 -------
x86 stable, last arch.

------- Comment #6 From Robert Buchholz 2008-01-05 12:59:16 0000 -------
It's a vote.

NO for me.

------- Comment #7 From Sune Kloppenborg Jeppesen 2008-01-05 18:12:54 0000 -------
Voting NO and closing.
